Understanding the Risks of Remote Work
- 24 March, 2020 09:43
With organisations already asking employees to work from home, it seems inevitable that the world is heading toward a lockdown. As the COVID-19 outbreak spreads, everyone is now turning to remote work as a solution to keep their businesses running. So what does the surge of office workers staying home mean for digital congestion and swamped broadband networks? In addition, what will happen when more organisations encourage work-from-home policies without the appropriate infrastructure or practices in place?
This transition could also expose organisations to a different type of virus -- the one that lurks maliciously in the background of computers.
Risks associated with remote work
Some of the biggest security risks associated with remote work revolve around IT departments’ inability to enforce security, the employee lack of commitment to security best practices, and the tendency of remote employees to adopt more risky behavior.
While employee negligence has declined over the last three years, 17 percent of breaches in 2019 stemmed directly from it.
Most of the research was conducted during normal times, so it stands to reason that the percentage could get a lot higher with the surge in remote work.
Employees working from home make it difficult for IT to enforce security. Home networks are not on par – security-wise – with enterprise networks, meaning that any employee who remotely dials in could pose a threat.
Aside from home routers and network, some employees might even connect from rogue Wi-Fi networks, such as those in the pub or at the cafe around the corner.
Consequently, it’s not just the online security that needs to be considered. Also of note are the physical risks, such as somebody snatching a laptop or shoulder surfing to peek at confidential information.
The risks for employer
Organisations that plan to enforce work-from-home policies should also consider their infrastructure capacity. While not everyone needs remote access to critical systems, it’s understandable that most will need to remotely manage critical services.
Remote security management requires strict control and accountability of user access levels. It is critical to monitor employee access to data, information sent and received online, and legitimacy of access. This means that company-sanctioned VPN clients and services, multi-factor authentication, coupled with authorised device IDs should become basic security measures.
Deploying encryption to all company mobile devices should also be mandatory, as physical security plays a vital role when limiting risks associated with lost or stolen devices.
Best practice makes perfect
Before sending out a company-wide message that employees can work from home, IT and security teams should create policies specifically for remote workers. This involves allocating authorisation levels for all employees who access internal resources, based on their job description and responsibilities.
It is also recommended that they assess which systems are critical, which can be remotely managed, and who needs remote access. More VPN connections would need to be supported at the same time, which means the infrastructure will need to withstand simultaneous VPN connections.
Setting up rules and standards for which types of remote applications can be used or supported by the IT team is also recommended. Having a wide range of RDP and VPN clients means more time spent troubleshooting if some systems are incompatible.
As no meetings will take place in person, IT teams need to deploy a unified communication platform that supports video and audio meetings, is compatible with all operating systems deployed in employee endpoints, and is reliable when used by large groups.
Besides endpoint security solutions on all endpoints, some organisations have a patching and update policy managed by the IT department. Since most patches are pushed gradually through the local network, remote connection via VPNs to the organisation’s infrastructure might stress bandwidth further. It is important to come up with a plan for deploying those patches, without compromising bandwidth stability.
Last, but not least, IT and security teams need to set up network security, monitoring, and logging systems that make it easier to spot anomalous behavior by offering transparency into inbound and outbound traffic through VPN connections. Network monitoring, analysis and advanced EDR and forensic tools are highly useful technologies that can be used to identify suspicious network traffic. This makes it easier to spot compromise, misuse and even unsanctioned access, letting IT and security teams intervene quickly.
To Source or Not to Source?
Organisations can turn to managed security providers if their internal resources are insufficient or are unprepared for such an endeavour. These outsourced security teams can recommend procedures and policies that would apply to specific organisations, based on their profile.
MDR (managed detection and response) services can prove valuable in these circumstances, as organisations could be facing an increase in attacks. As employees become more susceptible to threats that would be prevented by perimeter defences within the organisation, MDR services can deploy tools for monitoring and auctioning on suspicious activity.
Any organisation that wants to cover all the bases in protecting both their infrastructure and their remote employees can turn to a unified endpoint prevention, detection, response and risk analytics platform. This will offer an effective protection integrated with low overhead EDR and Endpoint Risk Analytics (ERA) into a single-agent, single-console architecture that can help minimise endpoint attack surface, making it more difficult for attackers to penetrate.
Sourcing IT security is a viable option for organisations that lack the manpower and resources to cope with a work-from-home workforce. Organisations can turn to Managed Detection and Response (MDR) services that provide 24x7x365 operations staffed by experienced security analysts using an entire stack of technologies designed to quickly and effectively respond to malicious activities, actively removing the threat and limit any damage.
Additionally, layered Next-Gen Security provides protection to an organisation's offices, datacenters and public cloud, tailored to its specific needs. Read more here.